Re: pop up warning

From: N. Miller (nsm_at_blackhole.aosake.net)
Date: 12/08/03

• Next message: Steven Licudi: "Certificate of authenticity"
• Previous message: N. Miller: "Re: "unsafe attachments""
• In reply to: paula: "pop up warning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 8 Dec 2003 12:46:29 -0800

In article <094501c3bda9$fd30c3a0$a401280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> When I am online, approximately every 5-10 minutes, my cd
> rom door ejects and a warning comes up stating that they
> know the town I live in and that my computer is unsafe.
> What is going on and what do I do to stop it?

You probably have a "RAT", a "Remote Access Trojan". Some of the popular
anti virus programs will catch the common RATs, as will some of the popular
adware detectors; but you probably need to use something like these:

http://www.pestpatrol.com/
http://www.nsclean.com/boclean.html

The first one is free, but the second one is better. You also should have,
at the least, one of the personal firewall products installed. I like Kerio
Personal Firewall, but it is harder for some people to understand; Zone
Alarm is good for easy to understand and use:

http://www.zonelabs.com/store/content/home.jsp

They have both a paid and a free version. If you are willing to give Kerio a
try, go here:

http://www.kerio.com/us/kpf_home.html

It is free for personal use.

For adware detection there are Lavasoft Ad-Aware and Spybot Search &
Destroy:

http://lavasoft.element5.com/default.shtml.en
or, in the U.S.:
http://www.lavasoftusa.com/

http://www.safer-networking.org/

Some people use both. You probably can find anti virus products easily
enough on your own; they are usually highly publicized, compared with the
products above. You need to keep the AV definitions current, though; usually
a weekly update is sufficient, but don't go longer!

It will probably be best to find a computer which has not been compromised
to obtain those programs.

With a Trojan on the computer, though, you may find it difficult to
completely root it out. It may be necessary to back up your data, then
format your discs and reinstall the operating system.

Whether you choose that route, or not; once you have the software, set it
up, if possible, on a computer which has not been compromised, and on a
bootable medium (CD is best, if your computer will boot from a CD; floppy,
if necessary). Disconnect your compromised computer from the Internet, and
boot from the disc that you created. Run the anti virus first, then the
Trojan killers, then the adware/spyware killers.

Once the computer is clean (either by running the software, or by
reinstalling the system), set up the firewall. Only when the firewall is in
place should you go back to the Internet. Once back online, get all of the
MS critical patches for your OS. Then make sure your anti virus is up to
date.

Learn how to secure MSIE against exploits. I set any sites, such as MS
Windows Update, in the "Trusted sites" zone, then tighten up the "Internet
zone" to prompt for scripts. It is better to deal with script permission pop
ups than to risk infestation with malicious code.

To learn other "Safe Hex" practices, visit this site:

http://www.claymania.com/safe-hex.html

The Internet isn't quite as safe as Microsoft and your ISP would like you to
believe; but the hazard is manageable, if you pay attention. Oh, and the
idiot banging your CD drawer around can't know more than a geographically
wide area about where you live. Anyone looking at my IP address, which is
visible in the posting headers, if your viewer can show the headers (I have
not found a way to get the CDO web interface to do that), might guess that I
live in a given geographical region that encompasses several cities; but if
he takes the ISP's city code in the reverse DNS name as my city, he'd be
quite wrong!

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

---

• Next message: Steven Licudi: "Certificate of authenticity"
• Previous message: N. Miller: "Re: "unsafe attachments""
• In reply to: paula: "pop up warning"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Personal Firewalls ... automatically report abuse to ISP's and to the DShield.org web site. ... BlackICE PC Protection ... malicious activity in both applications and Internet protocols. ... Freedom Personal Firewall ... (Security-Basics) Re: sygate and shields up ... that no services are being offered to the Internet. ... useful information is sent to anyone else. ... The misconception that 'stealth' hides your IP is ... misconception is that a personal firewall will keep malware off your PC. ... (comp.security.firewalls) Re: Personal firewall with no user-interaction ... > In order to protect those computers from attacks from the internet I ... > need to deploy a personal firewall that installs as ... If the users are not allowed to install software, ... (comp.security.firewalls) Omniquad Personel Firewall v1.4.92 Released... ... Omniquad Personal Firewall keeps your computer shielded from hackers by ... computer is fully locked - Medium - everything closed to Internet ... hosts and your computer still open to trusted zone computers - Low - ... immediately shut down all network access, ... (comp.software.shareware.announce) Omniquad Personal firewall v1.4.92 Released ... Omniquad Personal Firewall keeps your computer shielded from hackers by ... computer is fully locked - Medium - everything closed to Internet ... hosts and your computer still open to trusted zone computers - Low - ... immediately shut down all network access, ... (comp.software.shareware.announce)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)